FRAMINGHAM (03/24/2000) - French smart-card users were in an uproar this week after officials at French interbank group Groupement des Cartes Bancaires in Paris revealed that a known algorithm could be used to create forged cards for certain transactions.
The algorithm, which was posted anonymously on an Internet chat site, was developed three years ago by Serge Humpich, a computer cracker who was given a 10-month suspended sentence by a French court for illegally accessing Cartes Bancaires' data processing system, introducing data into the system and counterfeiting five bank cards.
Humpich has predicted that forgers will be turning out false cards within weeks. But Herve de Lacotte, a spokesman for Cartes Bancaires, told Reuters that while forged bank cards could be used to buy train tickets and pay at parking meters or toll booths, they can't be used to withdraw cash or purchase expensive merchandise.
Such assurances have done little to quell the concerns of consumers in France, where 34 million bank cards contain embedded chips that are used to conduct everyday financial business, perform national health care transactions and make phone payments.
But smart-card vendors are trying to calm the fears the algorithm has provoked.
"It was not the French smart card that was hacked; it was the French banking-card system that was potentially impacted," said a spokeswoman for France-based Gemplus Corp., which has issued 450 million of the world's 900 million smart cards. "The information that was published by the hacker was not coming from the card and cannot be reused in other applications."
Passions surrounding bank card security have run so high in France that Roland Moreno, the inventor of France's smart cards, has offered 1 million francs to anyone who can crack a card's security code.
"This is simulation, not penetration," Moreno told Europe 1 radio. "Chip cards remain secure."
Smart cards are far less commonly used in the U.S., where they are primarily used as network authentication devices for secure access to computer systems.
Microsoft Corp. announced last year that it would begin selling software for Windows smart cards, which authorize access to corporate networks. The U.S. Navy is also about to launch an extensive smart-card program for its personnel.